WinPayloads: Generate Undetectable Windows Payloads!

An older post of mine, MicroSploit, dealt with generating backdoored documents for the Office platform. This post is about another open source framework, called WinPayloads, which helps you create custom malicious payloads for the Microsoft Windows operating system.

What is WinPayloads?

WinPayloads is an open source Microsoft Windows payload generator written in Python that uses the Metasploit framework to generate AES-encrypted payloads. These payloads are compiled using PyInstaller, and the generated shellcode is executed using ctypes. Besides generating payloads with Metasploit Meterpreter, you can also set up a web server using SimpleHTTPServer, bypass User Account Control (UAC), and use PsExec to execute processes on other systems.

Functions of WinPayloads:

UACBypass – Implements Invoke-BypassUAC.ps1 from PowerShellEmpire to bypass UAC. This module works on Local Administrator accounts only.

Payloads supported by WinPayloads:

Windows Reverse Shell: This payload will give the attacker a stageless reverse TCP shell. A listener will be automatically started using NetCat.

Windows Reverse Meterpreter: This payload will give the attacker a staged reverse TCP meterpreter shell. A listener will be automatically started using Metasploit.

Windows Bind Meterpreter: This payload will give the attacker a staged bind TCP meterpreter shell. Connection to the bind port will be automatically started using Metasploit.

Windows Reverse Meterpreter HTTPS: This payload will give the attacker a staged reverse HTTPS meterpreter shell. A listener will be automatically started using Metasploit.

Windows Reverse Meterpreter DNS: This payload will give the attacker a staged reverse TCP meterpreter shell with DNS name resolution. Good for dynamic IP addresses and persistence payloads. A listener will be automatically started using Metasploit.

As discussed earlier, you can also host the payload locally on an HTTP server and spray hashes to find a vulnerable target using PsExec.

Install WinPayloads:

WinPayloads depends on a few Python packages such as Blessed and PyASN1, in addition to Wine and Impacket. Installation is taken care of by the installation script. You can start by checking out the WinPayloads Git repository here.
